by 安全扫描
OpenClaw
安全
high confidence该技能的文件、运行指令和请求的环境变量与VibeSKU CLI一致:需要Node运行环境、API密钥/基础URL以及本地配置文件,不请求无关的凭证或可疑的系统访问。
评估建议
该技能看似合理,实现了CLI功能:将运行捆绑的Node脚本,读取VIBESKU_API_KEY(或使用浏览器/设备认证),读写~/.vibesku/config.json。安装或运行前,请确认信任技能源(主页和上游仓库已列出),限制API密钥的使用范围(如果可能,使用CI密钥进行自动化),避免在共享位置放置秘密。注意,CLI可能进行网络调用(向你的VIBESKU_BASE_URL发送API调用和对raw.githubusercontent.com的可选版本检查),并将在本地执行捆绑的JavaScript——如果你想要额外的保证,请审查bin/vibesku.js和技能文件夹中包含的小助手模块。...详细分析 ▾
✓ 用途与能力
Name/description (CLI for generating e-commerce visuals and copy) match the declared requirements: node runtime, VIBESKU_API_KEY, VIBESKU_BASE_URL, and a config file (~/.vibesku/config.json). The requested items are expected for a CLI that authenticates and uploads assets to a remote service.
ℹ 指令范围
SKILL.md instructs running the bundled Node script, authenticating via browser/device flow or API key, uploading local images, inspecting templates, and optionally checking an upstream VERSION on raw.githubusercontent.com. These actions are within scope, but the version-check guidance and the optional 'persist last version check timestamp' give the agent discretion to perform network calls and to store lightweight local state; this is reasonable for update checks but worth noting.
ℹ 安装机制
There is no separate install spec (instruction-only), and the SKILL.md expects the agent to run the provided bin/vibesku.js with Node. The repository includes bundled JS (commander, etc.) rather than performing remote downloads at install time. Execution of the bundled script will run code from the skill directory—normal for a CLI but means the code will execute on the host when invoked.
✓ 凭证需求
Required environment variables (VIBESKU_API_KEY primary, VIBESKU_BASE_URL, NO_COLOR) map directly to the CLI's needs. The skill reads/writes ~/.vibesku/config.json for tokens and base URL; the number and type of credentials requested are proportionate to the stated functionality.
✓ 持久化与权限
Skill is not always-enabled and uses normal autonomous invocation semantics. It writes/reads only its own config path (~/.vibesku/config.json) and suggests optionally storing a lightweight 'last version check' timestamp; it does not request system-wide settings or other skills' credentials.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.2.42026/3/10
元数据对齐 v0.2.4:声明OpenClaw运行时要求(环境变量、配置路径、Node二进制文件、主要环境)以匹配实际技能行为;无运行时行为变化。
● 无害
安装命令 点击复制
官方npx clawhub@latest install vibesku
镜像加速npx clawhub@latest install vibesku --registry https://cn.clawhub-mirror.com
技能文档
简介
Vibesku是一个基于AI的创意自动化平台,通过CLI工具将产品SKU照片转化为专业的电商视觉效果和市场就绪的文案。使用指南
- 安装:...
- 配置:...
- 运行:...
代码示例
# 示例命令
vibesku --help
注意事项
- 请确保Node环境已安装
- 保护API密钥安全
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制